Wednesday, February 12, 2014

Spear Fished, Damn

Boot Key Harbor, Marathon, Florida

I like to think of myself as an especially experienced and savvy Internet user. I had my own web page in 1994, back in the time when there were fewer than 4000 web pages in the world. I had email and a domain name way back in the 80s, long before the world wide net. In fact I was early enough that I could have gotten the domain name (except that the guy handing out assignments thought that would not be appropriate). If my name was Bob or Harry or Sam, it may have been a different story.

Anyhow, all that chest thumping leads up to my claim that I am extremely resistant to Internet scams and phishing emails. Notwithstanding that claim, I fell for a spear phishing scam this morning. Damn.

I got an email in my Gmail account claiming to be from the "Gmail Team". It said that I had two messages waiting about my account. It greatly resembled emails I get from my bank, from PayPal, and from Verizon, so it looked familiar. So I clicked on the link. A login screen came up. I just changed my Google password the day before, so I was used to being asked to re-enter the new password several times per day. I re-entered my Google login data.

Then it dawned on me. Gmail just sends email to my Gmail account when needed, and I was already logged into Google to see the message. It was a spear phishing scam. I immediately changed my Google password again, and I'll change it again later today after I generate a 64-character random sequence. But I'm kicking myself for being stupid.

Here is the devilish thing about cyber security. Informed, cautious people don't make mistakes most of the time. But most of the time is not good enough. Only people driven to paranoid-like levels of caution (such as Edward Snowden) are careful enough to never make mistakes.

My Google account not only gives me email, it also provides access to one of my most prized possessions - this blog. I back up the blog archive once every couple of months. Still, it would be a major setback to me and to you if I lost access to this blog account.

